check if the secret is present before asking for a code

functions.lua

@@ -192,3 +192,11 @@ function otp.get_player_secret_b32(name)
     end
     return secret_b32
 end
+
+-- returns true if the player is otp enabled _and_ set up properly
+function otp.is_player_enabled(name)
+    local has_secret = otp.storage:get_string(name .. "_secret") ~= ""
+    local has_priv = minetest.check_player_privs(name, "otp_enabled")
+
+    return has_secret and has_priv
+end

join.lua

@@ -65,7 +65,7 @@ end
 -- Code formspec on join for otp enabled players
 minetest.register_on_joinplayer(function(player)
     local playername = player:get_player_name()
-    if minetest.check_player_privs(playername, "otp_enabled") then
+    if otp.is_player_enabled(playername) then
         minetest.log("action", "[otp] session start for player: '" .. playername .. "'")
 
         -- start otp session time